Verify that your VMware appliance host machines deny IPv4 forwarding.

About this task

If the system is configured for IP forwarding and is not a designated router, attackers could use it to bypass network security by providing a path for communication not filtered by network devices. Configure your virtual appliance host machines to deny IPv4 forwarding to avoid this risk.

Procedure

  1. Run the # cat /proc/sys/net/ipv4/ip_forward command on the VMware appliance host machines to confirm that they deny IPv4 forwarding.

    If the host machines are configured to deny IPv4 forwarding, this command returns a value of 0 for /proc/sys/net/ipv4/ip_forward. If the host machines are configured correctly, no further action is necessary.

  2. To configure a virtual appliance host machine to deny IPv4 forwarding, open the /etc/sysctl.conf file in a text editor.
  3. Locate the net.ipv4.ip_forward entry, which should read net.ipv4.ip_forward=0. If the entry does not exist, add it. If its value is not currently set to zero, update the existing entry accordingly.
  4. Save any changes and close the file.
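
The procedure above as a script, added here as an example and not part of the original VMware documentation. It goes slightly beyond the steps by reporting the running value and the /etc/sysctl.conf entry separately. The function names and the optional path arguments are assumptions made so the functions can be tried on copies of the files first.

```shell
#!/bin/sh
# Added example (not from the original page): audit and enforce
# net.ipv4.ip_forward=0. File paths are parameters (assumption) so the
# functions can be exercised on copies before touching a real host.

# Succeeds only if the running kernel value is 0 (forwarding denied).
forwarding_denied() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "0" ]
}

# Prints the value the config file sets; the last uncommented entry wins.
# Prints nothing if the entry is absent or commented out.
configured_value() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null | tail -n 1
}

# Rewrites every active entry to 0, or appends the entry if none exists.
enforce_config() {
    conf="${1:-/etc/sysctl.conf}"
    if grep -q '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf" 2>/dev/null; then
        tmp="$(mktemp)" || return 1
        # Write back with cat so the file keeps its owner and mode.
        if sed 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*$/net.ipv4.ip_forward=0/' \
               "$conf" > "$tmp" && cat "$tmp" > "$conf"; then rc=0; else rc=1; fi
        rm -f "$tmp"
        return "$rc"
    fi
    printf '%s\n' 'net.ipv4.ip_forward=0' >> "$conf"
}

# Reports both states; non-zero exit if either one allows forwarding.
audit() {
    status=0
    forwarding_denied "${1:-}" || { echo "runtime: forwarding NOT denied"; status=1; }
    [ "$(configured_value "${2:-}")" = "0" ] || { echo "config: entry missing or not 0"; status=1; }
    return "$status"
}

# Stand-alone use: sh script.sh --check   (reads the real system paths)
if [ "${1:-}" = "--check" ]; then audit && echo "IPv4 forwarding denied"; fi
```

/etc/sysctl.conf is read at boot or when loaded with sysctl -p, so the running value can still differ from the file until one of those happens, which is why the audit reports the two separately.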